Rogue anti-spyware installed itself, printer disabled


36 replies to this topic

#1 Cranqueen

Posted 08 November 2010 - 04:34 AM

This virus has not only disabled my printer but will not allow me to log onto the internet, facebook or any site. It pretends to scan my computer and states it has found numerous infections. I tried cleaning it up by following the instructions for removal of Antivir Solution Pro and am now operating in safe mode. However, Malwarebytes did not detect any infections. I am not very computer savvy so I hope my explanation of my plight makes sense. I also noticed a pop-up stating something like "a USB device is not recognized" kept appearing again and again, even though I was not using a thumbdrive nor did I have any external drives in use. I am scared that I have a "back-door" virus...

Edited by elise025, 08 November 2010 - 04:47 AM.
Moved from XP to AII forum ~ Elise




#2 AustrAlien

Posted 08 November 2010 - 04:58 AM

... instructions for removal of Antivir Solution Pro and am now operating in safe mode. However, Malwarebytes did not detect any infections.

The problem may be that you failed to update the definitions database for MBAM (currently database version 5072, I think). Try updating MBAM (Open MBAM > Updates tab > Check for Updates). If it fails to update, then you may be able to do it manually using another computer.

Manually download MBAM definitions from here: Malwarebytes' Anti-Malware Database
and transfer to the troubled computer. Double-click on mbam-rules.exe to install.

Please post the MBAM log(s) in full here.
(Open MBAM and click on the Logs tab.)

Follow the guide below, carefully ...

Remove Antivir Solution Pro (Uninstall Guide)
Posted by Grinler on July 14, 2010
http://www.bleepingcomputer.com/virus-removal/remove-antivir-solution-pro
AustrAlien
Google is my friend. Make Google your friend too.


#3 Cranqueen

Posted 08 November 2010 - 05:05 AM

The Malwarebytes Anti-Malware is 5070. Here are the contents of the log...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5070

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16890

11/8/2010 12:48:32 AM
mbam-log-2010-11-08 (00-48-32).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 340511
Time elapsed: 1 hour(s), 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Cranqueen

Posted 08 November 2010 - 05:14 AM

Please do not give up on me, but it is 2am here. I have been battling with my computer all day and I have to sleep now. My husband was able to revert back to a date before the virus installed itself, so I am able to use my printer now. I am a little afraid to restart msconfig since all the steps I followed did not quarantine any viruses.

Edited by Cranqueen, 08 November 2010 - 05:16 AM.


#5 AustrAlien

Posted 08 November 2010 - 05:17 AM

Good.

Nearly bedtime here too. See you tomorrow in that case.

#6 Cranqueen

Posted 08 November 2010 - 05:18 AM

I will check back in the morning for any other suggestions. Thank you for trying to help me.

#7 AustrAlien

Posted 08 November 2010 - 06:55 PM

My husband was able to revert back to a date before the virus installed itself, so I am able to use my printer now.

What is your situation today, following the successful system restore?
Do you have a working internet connection and are you able to update MBAM?

Try MBAM (Malwarebytes Anti-malware) like this:

  • With Windows booted normally (NOT in Safe Mode), open MBAM and click the Update tab and then Check for Updates.
  • When updating is complete, click the Scanner tab and select Perform quick scan and then click Scan.
  • When the scan has completed, if anything is found in the Results, choose Remove Selected.
  • Then post the contents of the log when it is displayed.
  • Now reboot Windows normally (NOT into Safe Mode). <<< Important

Please ask any questions, post the log and let us know how the PC is running now.

Edited by AustrAlien, 08 November 2010 - 06:56 PM.

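An added example, not part of the original thread and not Malwarebytes' own tooling: a Python check that reads the summary of an MBAM 1.46 text log like the one in reply #3 and flags the two conditions raised in this thread (definitions older than the version the helper expected, and a scan run in Safe Mode) before a zero-detection result is accepted. The function names and the `expected_db` parameter are assumptions of this example.

```python
import re

# Summary part of the MBAM 1.46 log from reply #3 (detail sections omitted).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46
Database version: 5070
Windows 6.0.6000 (Safe Mode)
Scan type: Full scan (C:\\|D:\\|E:\\|)
Objects scanned: 340511
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

def parse_mbam_log(text):
    """Pull out the header fields and the per-category counters."""
    text = text.replace("\r\n", "\n")  # logs saved on Windows use CRLF
    db = re.search(r"^Database version:[ \t]*(\d+)", text, re.M)
    os_line = re.search(r"^Windows [\d.]+.*$", text, re.M)
    counts = {name: int(n) for name, n in
              re.findall(r"^(.+? Infected):[ \t]*(\d+)[ \t]*$", text, re.M)}
    return {
        "db_version": int(db.group(1)) if db else None,
        "safe_mode": bool(os_line and "(Safe Mode)" in os_line.group(0)),
        "counts": counts,
        "detections": sum(counts.values()),
    }

def triage(text, expected_db):
    """Return (verdict, reasons); expected_db is supplied by the caller."""
    info = parse_mbam_log(text)
    reasons = []
    if info["db_version"] is None:
        reasons.append("no database version in log")
    elif info["db_version"] < expected_db:
        reasons.append(f"definitions {info['db_version']} older than {expected_db}")
    if info["safe_mode"]:
        reasons.append("scan ran in Safe Mode")
    if not info["counts"]:
        reasons.append("no summary counters found")
    if info["detections"] > 0:
        return "detections", reasons
    return ("inconclusive" if reasons else "clean"), reasons

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, expected_db=5072))
```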

#8 Cranqueen

Posted 09 November 2010 - 11:29 AM

After the system restore, I am back in business. WOW, that was one scary virus. Every click I made was answered with a pop-up warning me that my computer was infected and encouraging me to buy their product. I was sure that it was not real. My husband said that it disabled McAfee and my printer, so I could not print the instructions on how to remove the virus. It was one nasty bug! I am not much of a gamer but I do play Scrabble against a computer at Pogo. Could I have picked it up there, on FB (even though I never play games there) or at Big Fish playing Hidden Object games? I sure do not want that to happen again. Makes me paranoid.

Thank you for all you do. You are a hero!

#9 Cranqueen

Posted 10 November 2010 - 10:22 AM

Prior to asking your advice, I downloaded Secunia, which is NOT working as I had expected (clicking on the solutions just opens a weird Word document that does not offer a solution), and since I downloaded it, my computer is so SLOW that it is crawling. I cannot figure out how to uninstall Secunia. Can you help me? I thought I should post this in another forum, but was not sure what topic to post it under...

#10 AustrAlien

Posted 10 November 2010 - 08:15 PM

I thought I should post this in another forum, but was not sure what topic to post it under...

Me neither ... try this one: All Other Applications

Secunia comes highly recommended, but I personally have no experience with it .... sorry. I am sure someone will be able to help with the issue you are having with Secunia.

Edited by AustrAlien, 10 November 2010 - 08:16 PM.


#11 Cranqueen

Posted 11 November 2010 - 06:30 PM

I am back and so is the virus (AntiVir Solution Pro). The system restore put me back in business for a day or two, but the virus is back with a vengeance. I am following the steps suggested on BleepingComputer to remove it; however, when I get to the Rkill download step and attempt to run it, I get this message:

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Users\Dad\Desktop\iExplore.exe

Rkill completed on 11/11/2010 at 15:17:06.

I left the result on the screen and ran it again and again. No matter how many times I try to run it, I get the same message. I tried iExplorer.exe AND eXplorer.exe as well with the same results.

Now what?

Edited by Cranqueen, 11 November 2010 - 06:33 PM.


#12 AustrAlien

Posted 11 November 2010 - 06:37 PM

What you see is fine. rkill stopped a process. It has done its job.

Simply continue with the instructions in the guide.

#13 Cranqueen

Posted 12 November 2010 - 03:49 AM

Okay, sorry I didn't follow your instructions to the letter. I clicked the Update tab, checked for Updates and downloaded the latest version. I have copied the contents of the log, but I understand I am NOT supposed to paste it here. Where do I post it and how will you be able to find it when I do?

The rogue seems to be gone. I AM able to access the internet as the administrator, but when I log on as myself, I cannot reach Google. I get this message: "Internet Explorer cannot display the webpage". Can you help?

Edited by Cranqueen, 12 November 2010 - 03:50 AM.


#14 AustrAlien

Posted 12 November 2010 - 03:56 AM

There are some logs that should not be posted here in this forum (DDS, HJT, CF, OTL).

Please post the log from MBAM here in this thread.

#15 Cranqueen

Posted 12 November 2010 - 04:21 AM

Shoot.. I copied it and I was doing something else and lost it....is there a way to find it again? I already closed notepad.



